| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jan 2023 10:57:58 +0000
From: Quentin Monnet <quentin@...valent.com>
To: Christophe Leroy <christophe.leroy@...roup.eu>,
Tonghao Zhang <tong@...ragraf.org>,
Andrii Nakryiko <andrii@...nel.org>
Cc: Daniel Borkmann <daniel@...earbox.net>,
"bpf@...r.kernel.org" <bpf@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"loongarch@...ts.linux.dev" <loongarch@...ts.linux.dev>,
"linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
"linux-riscv@...ts.infradead.org" <linux-riscv@...ts.infradead.org>,
"linux-s390@...r.kernel.org" <linux-s390@...r.kernel.org>,
"sparclinux@...r.kernel.org" <sparclinux@...r.kernel.org>,
Hao Luo <haoluo@...gle.com>,
John Fastabend <john.fastabend@...il.com>,
Alexei Starovoitov <ast@...nel.org>,
Song Liu <song@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
Jiri Olsa <jolsa@...nel.org>, Hou Tao <houtao1@...wei.com>,
KP Singh <kpsingh@...nel.org>, Yonghong Song <yhs@...com>,
Martin KaFai Lau <martin.lau@...ux.dev>,
"naveen.n.rao@...ux.ibm.com" <naveen.n.rao@...ux.ibm.com>,
"mpe@...erman.id.au" <mpe@...erman.id.au>
Subject: Re: [bpf-next v2] bpf: drop deprecated bpf_jit_enable == 2
2023-01-23 07:57 UTC+0000 ~ Christophe Leroy <christophe.leroy@...roup.eu>
>
>
> Le 17/01/2023 à 16:42, Quentin Monnet a écrit :
>>
>> In the meantime, you could disable the use of skeletons in bpftool, by
>> removing "clang-bpf-co-re" from FEATURE_TESTS from the Makefile. You
>> should get a functional binary, which would only miss a few features
>> (namely, printing the pids of programs holding references to BPF
>> programs, and the "bpftool prog profile" command).
>
> Ok, with "clang-bpf-co-re" removed, bpftool doesn't complain.
>
> However, does it work at all ?
Yes it does.
>
> I started a 'tcpdump', I confirmed with ' bpf_jit_enable == 2' that a
> BPF jitted program is created by tcpdump.
>
> 'bptool prog show' and 'bpftool prog list' returns no result.
Bpftool works with eBPF, not with the older "classic" BPF (cBPF) used by
tcpdump. You should see programs listed if you load anything eBPF, for
example by using BCC tools, bpftrace, or load an eBPF program any other
way from user space:
$ echo "int main(void) {return 0;}" | \
clang -O2 -target bpf -c -o foo.o -x c -
# bpftool prog load foo.o /sys/fs/bpf/foo type xdp
# bpftool prog list
# bpftool prog dump jited name main
# rm /sys/fs/bpf/foo
I know tcpdump itself can show the cBPF bytecode for its programs, but I
don't know of another way to dump the JIT-ed image for cBPF programs.
Drgn could probably do it, with kernel debug symbols.
Quentin
Powered by blists - more mailing lists